Innovate faster and cut risk with PHP experts from Zend Services.
Explore Services
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Read More
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Explore Training
Submit support requests and browse self-service resources.
Explore Support
information disclosure in function get_headers
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with a user-supplied URL, if the URL contains a zero (\u0000) character, the URL will be silently truncated at its first occurence. This may cause some software to make incorrect assumptions about the target of the get_headers(), which could lead to sending information to the wrong server or path on a server.
get_headers()
\u0000
Upgrade to 7.2.9 or above, 7.3.16 or above, or 7.4.4 or above.
Direct link to CVE-2020-7066 >
< View all CVEs